@hellocoop/express 1.4.0 → 1.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/handlers/callback.d.ts.map +1 -1
- package/dist/handlers/callback.js +10 -10
- package/dist/handlers/config.d.ts +1 -1
- package/dist/handlers/config.d.ts.map +1 -1
- package/dist/lib/auth.d.ts +1 -1
- package/dist/lib/auth.d.ts.map +1 -1
- package/dist/lib/auth.js +8 -24
- package/dist/lib/oidc.d.ts.map +1 -1
- package/dist/lib/oidc.js +1 -0
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"callback.d.ts","sourceRoot":"","sources":["../../src/handlers/callback.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AA8B3C,QAAA,MAAM,cAAc,QAAe,OAAO,OAAO,QAAQ,
|
|
1
|
+
{"version":3,"file":"callback.d.ts","sourceRoot":"","sources":["../../src/handlers/callback.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AA8B3C,QAAA,MAAM,cAAc,QAAe,OAAO,OAAO,QAAQ,uDAuHxD,CAAA;AAED,eAAe,cAAc,CAAA"}
|
|
@@ -29,11 +29,14 @@ const sendErrorPage = (error, target_uri, req, res) => {
|
|
|
29
29
|
};
|
|
30
30
|
const handleCallback = async (req, res) => {
|
|
31
31
|
var _a;
|
|
32
|
-
const { code, error, wildcard_domain, app_name, } = req.query;
|
|
32
|
+
const { code, error, same_site, wildcard_domain, app_name, } = req.query;
|
|
33
|
+
if (!same_site) // we need to bounce so we get cookies
|
|
34
|
+
return res.send((0, core_1.sameSiteCallback)());
|
|
33
35
|
const oidcState = await (0, oidc_1.getOidc)(req, res);
|
|
34
36
|
if (!oidcState)
|
|
35
37
|
return res.status(400).end('OpenID Connect cookie lost');
|
|
36
|
-
const { code_verifier, nonce, redirect_uri,
|
|
38
|
+
const { code_verifier, nonce, redirect_uri, } = oidcState;
|
|
39
|
+
let { target_uri = '/' } = oidcState;
|
|
37
40
|
if (error)
|
|
38
41
|
return sendErrorPage(req.query, target_uri, req, res);
|
|
39
42
|
if (!code)
|
|
@@ -67,8 +70,6 @@ const handleCallback = async (req, res) => {
|
|
|
67
70
|
if (payload.iat > currentTimeInt + 5) { // 5 seconds of clock skew
|
|
68
71
|
return res.status(400).end('The ID token is not yet valid.');
|
|
69
72
|
}
|
|
70
|
-
// let auth = NotLoggedIn
|
|
71
|
-
let callbackProcessed = false;
|
|
72
73
|
let auth = {
|
|
73
74
|
isLoggedIn: true,
|
|
74
75
|
sub: payload.sub,
|
|
@@ -97,9 +98,10 @@ const handleCallback = async (req, res) => {
|
|
|
97
98
|
if ((_a = config_1.default.callbacks) === null || _a === void 0 ? void 0 : _a.loggedIn) {
|
|
98
99
|
try {
|
|
99
100
|
const cb = await config_1.default.callbacks.loggedIn({ token, payload, req, res });
|
|
100
|
-
|
|
101
|
-
if (cb === null || cb === void 0 ? void 0 : cb.accessDenied)
|
|
101
|
+
if (cb === null || cb === void 0 ? void 0 : cb.accessDenied) {
|
|
102
102
|
auth = auth_1.NotLoggedIn;
|
|
103
|
+
// TODO? set target_uri to not logged in setting?
|
|
104
|
+
}
|
|
103
105
|
else if (cb === null || cb === void 0 ? void 0 : cb.updatedAuth) {
|
|
104
106
|
auth = {
|
|
105
107
|
...cb.updatedAuth,
|
|
@@ -108,6 +110,7 @@ const handleCallback = async (req, res) => {
|
|
|
108
110
|
iat: payload.iat
|
|
109
111
|
};
|
|
110
112
|
}
|
|
113
|
+
target_uri = (cb === null || cb === void 0 ? void 0 : cb.target_uri) || target_uri;
|
|
111
114
|
}
|
|
112
115
|
catch (e) {
|
|
113
116
|
console.error(new Error('callback faulted'));
|
|
@@ -115,10 +118,7 @@ const handleCallback = async (req, res) => {
|
|
|
115
118
|
}
|
|
116
119
|
}
|
|
117
120
|
await (0, auth_1.saveAuthCookie)(res, auth);
|
|
118
|
-
|
|
119
|
-
res.redirect(target_uri
|
|
120
|
-
|| '/'); // just in case
|
|
121
|
-
}
|
|
121
|
+
res.json({ target_uri });
|
|
122
122
|
}
|
|
123
123
|
catch (error) {
|
|
124
124
|
(0, oidc_1.clearOidcCookie)(res);
|
|
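Review bot: `target_uri` is now handed back to the caller as JSON (new line 121, `res.json({ target_uri })`) after the loggedIn callback may have replaced it (new line 113, `target_uri = (cb === null || cb === void 0 ? void 0 : cb.target_uri) || target_uri;`), and nothing in these hunks checks that the value is a relative path. If the same-site bounce page navigates to the returned value, an absolute URL arriving via the OIDC cookie or the callback override becomes an open redirect; the old `res.redirect(target_uri || '/')` had the same exposure, so this is not new, but the added override path makes it worth pinning down here. Suggest normalising before responding: `const safeTarget = typeof target_uri === 'string' && target_uri.startsWith('/') && !target_uri.startsWith('//') ? target_uri : '/';` followed by `res.json({ target_uri: safeTarget });`. Separately, the `catch (e)` at new line 115 logs `new Error('callback faulted')` and drops `e`, so a failing loggedIn callback leaves no diagnostic — passing `e` as the cause or logging it alongside would help. handleCallback continues outside the last hunk.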
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/handlers/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAInD,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAA;AAE9D,OAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,CAAA;AAEzB,MAAM,MAAM,cAAc,GAAG;IACzB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,GAAG,EAAE,OAAO,CAAC;IACb,GAAG,EAAE,QAAQ,CAAA;CAChB,CAAA;AAGD,MAAM,MAAM,gBAAgB,GAAG;IAC3B,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,
|
|
1
|
+
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/handlers/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAInD,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAA;AAE9D,OAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,CAAA;AAEzB,MAAM,MAAM,cAAc,GAAG;IACzB,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,GAAG,EAAE,OAAO,CAAC;IACb,GAAG,EAAE,QAAQ,CAAA;CAChB,CAAA;AAGD,MAAM,MAAM,gBAAgB,GAAG;IAC3B,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE;QAAC,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;KAAC,CAAA;CACrC,CAAA;AAGD,MAAM,MAAM,MAAM,GAAG;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,KAAK,EAAE,CAAC;IAChB,aAAa,CAAC,EAAE,YAAY,EAAE,CAAC;IAC/B,SAAS,CAAC,EAAE;QACR,QAAQ,CAAC,EAAE,CAAC,MAAM,EAAE,cAAc,KAAK,OAAO,CAAC,gBAAgB,CAAC,CAAA;KACnE,CAAC;IACF,MAAM,CAAC,EAAE;QACL,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,KAAK,CAAC,EAAE,MAAM,CAAA;KACjB,CAAA;CACJ,CAAA;AAED,eAAO,MAAM,IAAI,WAAsB,MAAM,KAAG,MAQ/C,CAAA"}
|
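--- a/package/dist/lib/auth.d.ts
+++ b/package/dist/lib/auth.d.ts
@@ -1,6 +1,6 @@
 import { Auth } from '@hellocoop/types';
 import { Request, Response } from 'express';
-export declare const saveAuthCookie: (res: Response, auth: Auth
+export declare const saveAuthCookie: (res: Response, auth: Auth) => Promise<boolean>;
 export declare const clearAuthCookie: (res: Response) => Promise<void>;
 export declare const getAuthfromCookies: (req: Request, res: Response) => Promise<Auth>;
 export declare const NotLoggedIn: Auth;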
package/dist/lib/auth.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/lib/auth.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAA;AACvC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;
|
|
1
|
+
{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/lib/auth.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAA;AACvC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAQ3C,eAAO,MAAM,cAAc,QAAgB,QAAQ,QAAQ,IAAI,KAAG,QAAQ,OAAO,CAgBhF,CAAA;AAED,eAAO,MAAM,eAAe,QAAgB,QAAQ,kBAKnD,CAAA;AAGD,eAAO,MAAM,kBAAkB,QAChB,OAAO,OAAO,QAAQ,KAC3B,QAAQ,IAAI,CAoBrB,CAAA;AAED,eAAO,MAAM,WAAW,EAAE,IAA2B,CAAA"}
|
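--- a/package/dist/lib/auth.js
+++ b/package/dist/lib/auth.js
@@ -9,24 +9,17 @@ const config_1 = __importDefault(require("./config"));
 const cookie_1 = require("cookie");
 const oidc_1 = require("./oidc");
 const { cookies: { authName, oidcName } } = config_1.default;
-const
-const setEncryptedCookie = (res, sameSite, encCookie) => {
-const cookieName = sameSite ? authName : laxAuthName;
-const options = {
-httpOnly: true,
-secure: config_1.default.production,
-path: '/' // let any server side route call getAuth
-};
-if (sameSite)
-options.sameSite = 'strict';
-res.appendHeader('Set-Cookie', (0, cookie_1.serialize)(cookieName, encCookie, options));
-};
-const saveAuthCookie = async (res, auth, sameSite = false) => {
+const saveAuthCookie = async (res, auth) => {
 try {
 const encCookie = await (0, core_1.encryptObj)(auth, config_1.default.secret);
 if (!encCookie)
 return false;
-
+res.appendHeader('Set-Cookie', (0, cookie_1.serialize)(authName, encCookie, {
+httpOnly: true,
+secure: config_1.default.production,
+sameSite: 'strict',
+path: '/' // let any server side route call getAuth
+}));
 return true;
 }
 catch (e) {
@@ -46,16 +39,7 @@ const getAuthfromCookies = async function (req, res) {
 const cookies = (0, cookie_1.parse)(req.headers.cookie || '');
 if (cookies[oidcName]) // clear OIDC cookie if still there
 (0, oidc_1.clearOidcCookie)(res);
-const
-if (laxAuthCookie) {
-// rotate to a sameSite:strict cookie
-setEncryptedCookie(res, true, laxAuthCookie);
-res.appendHeader('Set-Cookie', (0, cookie_1.serialize)(laxAuthName, '', {
-expires: new Date(0),
-path: '/', // Specify the path
-}));
-}
-const authCookie = cookies[authName] || laxAuthCookie;
+const authCookie = cookies[authName];
 if (!authCookie)
 return exports.NotLoggedIn;
 try {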
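Review bot: Removing the lax-cookie rotation in getAuthfromCookies (old lines 49–58) also removes the only code that expired the legacy `laxAuthName` cookie, so a browser still carrying one from 1.4.0 keeps it until it expires on its own; it is no longer read, but if the old name is still available from config, a one-time `Set-Cookie` with `expires: new Date(0)` for it during the upgrade window would make the cutover explicit rather than relying on browser session end. In saveAuthCookie (new lines 17–22) the serialized auth cookie still carries no `maxAge`/`expires`, which makes it session-scoped; if that is intentional, say so on the `path` line, e.g. `path: '/' // session cookie (no maxAge); any server side route can call getAuth`. `secure` remains tied to `config_1.default.production`, so outside production the cookie is also sent over plain HTTP — presumably a development convenience, and worth a one-line comment for the same reason. Both functions extend beyond their hunks.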
package/dist/lib/oidc.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oidc.d.ts","sourceRoot":"","sources":["../../src/lib/oidc.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAO3C,MAAM,MAAM,IAAI,GAAG;IACf,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAA;CACrB,CAAA;AAED,eAAO,MAAM,OAAO,QAAgB,OAAO,OAAO,QAAQ,KAAG,QAAQ,IAAI,GAAG,SAAS,CAepF,CAAA;AAID,eAAO,MAAM,QAAQ,QAAgB,OAAO,OAAO,QAAQ,QAAQ,IAAI,
|
|
1
|
+
{"version":3,"file":"oidc.d.ts","sourceRoot":"","sources":["../../src/lib/oidc.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAO3C,MAAM,MAAM,IAAI,GAAG;IACf,aAAa,EAAE,MAAM,CAAC;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAA;CACrB,CAAA;AAED,eAAO,MAAM,OAAO,QAAgB,OAAO,OAAO,QAAQ,KAAG,QAAQ,IAAI,GAAG,SAAS,CAepF,CAAA;AAID,eAAO,MAAM,QAAQ,QAAgB,OAAO,OAAO,QAAQ,QAAQ,IAAI,kBAetE,CAAA;AAED,eAAO,MAAM,eAAe,QAAU,QAAQ,SAK7C,CAAA"}
|
package/dist/lib/oidc.js
CHANGED